Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > British Airways | Executive Club
Reload this Page >

BA Investigating Theft of Personal and Financial Data

BA Investigating Theft of Personal and Financial Data

    Hide Wikipost
Old Nov 24, 18, 3:49 am   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: tbm13
Wiki Link
Are you trying to change your BA password and having difficulty doing so? For some suggestions, go to this wikipost.
---------------------------------------------------------------------------------------------------------------------
On Thursday 6 September 2018 at about 1830 London time (UTC+1), BA announced that there had been a data breach involving customers using the BA website and the BA mobile app.

Updates from BA are being posted to this ba.com page: https://www.britishairways.com/en-gb...st-information
A further update dated 25 October 2018 can be found in this post 1377. The SPG Law class action thread can be found here.

As at 1400 London time on Tuesday 11 September 2018, the body of that page read:-
Customer data theft

We are investigating, as a matter of urgency, the theft of customer data between 22:58 BST August 21 2018 until 21:45 BST September 5 2018 from our website, ba.com, and our mobile app.

The stolen data included personal and financial details of customers making bookings and changes on ba.com and the airline’s app. The data did not include travel or passport details.

The theft has been reported to the authorities and our website is now working normally.

What to do if you have been affected

If you believe you may have been affected because you made a booking or paid to change to your booking with a credit or debit card on ba.com or the mobile app between 22:58 BST August 21 2018 until 21:45 BST September 5 2018, we recommend you contact your bank or credit card provider and follow their advice.

We understand that this incident will cause concern and inconvenience. We are contacting all affected customers to say sorry, and we will continue to update them in the coming days.

Phishing

Customers should also be aware that fraudsters may be claiming to be British Airways and attempt to gather personal information by deception (known as 'phishing').

We will not be contacting any customers asking for payment card details and any such requests should be reported to the police and relevant authorities.

See below for more information on how to validate that the email you have received from us is genuine.
That is followed by a series of FAQs. These are reproduced at the end of this wikipost.

If you are experiencing difficulties in changing your BA password or want further information about doing so, some information is in this thread: https://www.flyertalk.com/forum/brit...rd-ba-com.html (which also has a wikipost).

Reports from FTers suggest that credit card companies and banks are taking differing approaches to this incident:-
  • American Express - A recorded message says they are aware of the breach, there is no need to take any further action and if you suffer any financial loss you will be fully compensated; an email says: "There is no action you need to take – we will contact you immediately if there's any unusual activity with your Account. In the meantime you can continue to use your Card as normal" (see post 293, post 401, post 470 and post 491).
  • Barclaycard - They just assured me I was fully protected, and I didn't need to do anything yet (see post 253); however at 18.20 on 7/9/18 the customer service helpline automated message says that affected cards are being reissued (see post 511).
  • Barclays Bank - They have contacted people they believe to have been affected, and have blocked their cards from online use (website/app), but the cards remain valid for physical (chip & PIN) transactions in shops, ATMs etc. New cards being dispatched "within a week" (see post 918).
  • Capital One - online transactions being blocked, new cards being issued (see post 493).
  • Chase (British Airways visa) - no contact from Chase about data breach and card still working
  • HSBC Premier Mastercard - Offering customers the option to freeze the card or replace it with a new card (see post 274).
  • Lloyds - Said "wait and see", but did give the option to cancel the card and have it reissued (see post 403).
  • Lloyds Mastercard - Based on the information they have, fraudulent use of my card is unlikely, just keep an eye on online banking and report anything suspicious (see post 370).
  • Monzo - Automatically replacing all cards (see post 371).
  • Natwest- Of the opinion that as there had been no fraudulent activity on my account to just keep an eye on things, and to call immediately if any suspicious transactions appear and fraud team would refund (post 315).
  • Sainsburys Bank - seem to be replacing all cards proactively (see post 968)
  • Starling - Automatically replacing cards (see post 460).
  • Tesco Bank - Pro-actively sending a new card as per details in this post (post 484)
  • TSB - Call the Telephone Banking Team on 03459 758758 to discuss further (see post 437).
  • Vanquis - online transactions being blocked, new cards being issued (see post 493).
FAQs (as at 1400 London time on Tuesday 11 September 2018):-
Have I been affected?

How do I know if I have been affected?

Customers who made bookings or changes to their bookings on ba.com or our mobile app between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018 may have been affected.

We advise any customers who believe they may have been affected to contact their banks or credit card providers and follow their advice.

We are experiencing high call volumes into our contact centres so please continue to check this page for the latest information.

Contact us

What data has been lost?

The personal and financial details of customers making bookings on ba.com and our mobile app between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018 was compromised. No passport or travel details were stolen. Only customers who made bookings between these dates are affected.

Names, billing address, email address and all bank card details were all at risk.

Did this affect just new bookings or any payment transaction made within the impacted time period?

All payment transactions made on ba.com or our mobile app from 22:58 BST August 21 2018 to 21:45 September 5 2018 inclusive were affected. Nothing before or after these dates and times was impacted. Payments made through our call centres, travel agents or online travel sites are not affected.

Are my saved payment card details safe if they were used to make a booking in that period?

If you made a payment using a saved card on ba.com or the mobile app from 22:58 BST August 21, 2018 to 21:45 September 5, 2018 inclusive, you may have been impacted.

No Executive Club accounts were compromised in the data theft. There is no impact to Avios or details stored with the British Airways Executive Club.

Has saved credit card data been stolen, even if a booking hasn’t been made in that period?

No, saved payment card data has not been compromised. However, if you made a payment using a saved card on ba.com or the mobile app from 22:58 BST August 21, 2018 to 21:45 September 5, 2018 inclusive, you may have been impacted.

How were phone numbers not affected?

Phone number information is collected in a separate part of the booking process and is not used as part of the payment transaction therefore this has not been impacted.

I used PayPal to pay for my ba.com transaction. Is this impacted?

If you booked through PayPal, your PayPal account will not have been compromised. There does remain the risk that some of your personal information such as your name and address may have been accessed. No passport details or travel details were compromised.

Is Apple Pay affected?

If you used Apple Pay via the mobile app then your data will not have been compromised.

I had a failed payment attempt during the affected time period – am I affected?

If you clicked the pay button on ba.com then the transaction would have taken place even if the outcome was unsuccessful and the data would have been compromised.

We advise any concerned customers to contact their banks or credit card providers and follow their advice.

Will I be affected if I made a free change to my booking but my payment card details were saved in the reservation?

If you made a free change to your booking via ba.com and did not use your payment card as part of that transaction, then you will not have been impacted.

Are travel agent bookings affected?

Only bookings or changes to bookings made directly with ba.com or the mobile app between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018 were affected.

If a change was made to a travel agent booking on ba.com and payment made for an additional product, such as seat reservations or excess baggage, then these would be affected.

Does this affect Executive Club accounts in any way? i.e. missing Avios/ Tier Points

No accounts were compromised in the data theft. There is no impact to Avios or details stored with the British Airways Executive Club.

I received an email about the data theft, however I only cancelled a booking during this time – will I be affected?

If you cancelled and refunded your booking between 22:58 BST August 21, 2018 and 21:45 September 5, 2018, you will not have been impacted.

---------------------------------------------------------------------------------------------------------

What should I do if I think I am affected?

Should I call my bank or cancel my credit cards?

We recommend that all customers who made bookings or changes to their bookings with ba.com or the mobile app, between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018, contact their banks or credit card providers and follow their advice.

I think my card was compromised when I made a booking on ba.com outside of the time period – what should I do?

The data theft relates to customer bookings made or changed between 22:58 BST August 21, 2018 and 21:45 September 5, 2018 only.

We advise any concerned customers to contact their banks or credit card providers and follow their advice.

How would I know if I have been a victim of identity theft?

There are a number of signs to look out for that may indicate that you might have been a victim of identity theft:-
  • Post from your bank or utility provider doesn’t arrive.
  • You apply for state benefits, but are told you are already claiming.
  • Refused financial services, credit cards or a loan, despite having a good credit rating.
  • Receiving letters in your name from solicitors or debt collectors for debts that aren’t yours.
If you think that you might be a victim of identity theft, then you should:
  • Request a copy of your credit file to check for any suspicious credit applications.
  • Report the theft of personal information and suspicious credit applications to the police and ask for a crime reference number.
  • If fraud has been committed, contact Action Fraud.
I have had some suspicious emails or phone calls – are they legitimate?

If you are concerned about an email, we recommend that you don't click on any links, open any documents or reply to it until you have looked into it further.

Official emails relating to this theft will be sent from: [email protected] You should hover over the sent email address to confirm this is where the email has been sent from before clicking on it.

British Airways will never proactively contact you to request your personal or confidential information. If you ever receive an email or call, claiming to be from us, requesting this information, please report it to us straight away.

We've put the details of the scams we're aware of on our ba.com website security page. There's also security essentials information to help you, along with details of how to report any new scams to us (or other emails/calls that have concerned you).

Will I be reimbursed?

We take the protection of our customers’ data seriously and are very sorry for the concern that this criminal activity has caused.

We will continue to keep our customers updated with the very latest information.

No customer will be out of pocket as a direct result of the criminal theft of data from ba.com and the airline’s mobile app. Any customer who made a booking between 22:58 BST August 21 2018 and 21:45 BST September 5 2018 will be reimbursed for any fraudulent activity on their accounts as a direct result of the data theft and we shall advise the process for this in due course.

We will be offering a 12-month credit rating monitoring service to any affected customer who is concerned about an impact to their credit rating, provided by specialists in the field and will share details of this in the near future.

Will BA pay for costs associated with getting new cards, e.g. postage costs?

No customer will be out of pocket as a direct result of the criminal theft of data from ba.com and the airline’s mobile app. We are working through the process and will update our customers as soon as we can.

How do I reset my ba.com password?

ba.com and Executive Club accounts have not been compromised and your login details are safe.

However, if you’d like to change your password, first ensure you are logged out of ba.com and click the Forgotten Pin/Password link on the top right-hand corner of the homepage. We recommend you choose a unique password that you do not use for any other online account.

We are aware of some customers experiencing intermittent issues when attempting to reset their passwords. We are working on resolving this as quickly as possible.

---------------------------------------------------------------------------------------------------------

How does this affect my bookings?

What shall I do if I am due to travel today?

The incident has been resolved and all systems are working normally so customers due to travel can check-in online as normal.

Will I still be able to check in?

Yes, all customers booked on our flights will be able to check in as normal.

Will this affect any future bookings?

The incident has been resolved and ba.com is working normally so future bookings will not be affected.

Will bookings made over the period of this incident remain confirmed?

Yes, all bookings made remain valid for travel.

If I cancelled the card my booking was made with what do I need to bring to the airport?

The payment card that was used to pay for the booking should be brought to the airport if you are the owner of the card and are travelling. However, if the payment card has expired since the booking was made and you have a new card, or you don't have the original card used for payment, please print out a copy of your flight itinerary from Manage my Booking.

I have now cancelled my credit card, but I had used that card to make a future flight booking, so how will I be able to access that booking?
You do not need to enter your payment card details when retrieving an existing booking via Manage My Booking on ba.com, so access to future booking is not restricted due to the cancellation of the payment card.
As of Wednesday 12th September, affected customers are being emailed with the following additional information

We deeply apologise for any worry and inconvenience this criminal activity has caused. For your reassurance, we’re offering you 12 months of free credit and identity monitoring services, provided by Experian, one of the UK’s leading Credit Reference agencies.

Your free ProtectMyID membership
To help you to monitor your personal information for certain signs of potential identity theft, we are offering you a free 12 month membership to Experian ProtectMyID. This service helps detect possible misuse of your personal data and provides you with identity monitoring support, focussed on the identification and resolution of identity theft.

Activating your free ProtectMyID membership
1. Ensure that you sign up for the service by 12 December 2018. Your code expires after this date.
2. Visit the ProtectMyID website to get started.
3. Click on ‘Join ProtectMyID’ (top right-hand side).
4. Enter your details along with the following activation code: XXXXXXXX
This code is unique to you and only available in this email – please keep this email for reference.

Once your membership is activated, you’ll have access to the following features:
1. Unlimited access to your Experian Credit Report.
2. Credit Alerting – an email or text to let you know when certain changes happen on your Experian Credit Report, such as the addition of a new credit search.
3. Access to an Identity Theft Resolution service if you do become a victim of fraud, where you’ll have a dedicated case worker who will support you in resolving fraud that has occurred.
4. If you are at higher risk of fraud, Experian can add protective Cifas registration to your credit report which can help prevent credit being taken in your name. The Cifas Protective Registration service places a flag alongside your name and personal details in the National Fraud Database. Companies and organisations who are signed up as members of the database will see you’re at risk and take extra steps to protect you.

If you have any questions regarding this service, then please contact Experian’s Customer Support Centre on 03444 818182*. They are open Monday to Friday, 8am to 8pm and Saturday, 9am to 5pm.
Note that the email from BA gives you a personal "Activation Code". However, when you get to the signup forms for ProtectMyID, you put the code into the second page of the sign up form in the "Promotional Code" field.
Print Wikipost

Reply

Old Sep 19, 18, 2:11 am
  #1081  
 
Join Date: Oct 2015
Location: LON/PEK
Programs: BA Silver; IHG Spire; Hertz 5*; Starbucks Gold(!)
Posts: 1,365
Originally Posted by binman View Post



has anyone received anything from Experian. I signed up and 7 days later nothing. An email to them tonight get auto reply stating 5 days to respond.

Time me to sign up to the class action
I got an email today from them along the lines of "We notice you haven't started using the service yet - click here to log in".

Snag is that I'm still waiting for them to *post* me a password. Not sure why that's necessary, but there you go. Has anyone received their password via snail mail?
Deltus is offline  
Reply With Quote
Old Sep 19, 18, 2:15 am
  #1082  
 
Join Date: Sep 2014
Location: Netherlands
Programs: AF/KL, LH, BA, Accor, Hilton, IHG, HERTZ, Avis
Posts: 19
Originally Posted by ThatT1Feeling View Post
Looking at BA’s twitter feed this morning, they’re saying they’re not offering compensation for the data breach. It’s not clear if this is a holding position or the formal ongoing policy. If they’d fulfilled their responsibilities and still got hacked, then that’s one thing. But they have clearly not followed the regulations on GDPR and PCI and saved money in the process, inconveniencing many of us through their conscious cost-cutting and transferring the burden onto us. That isn’t good enough in my opinion.
Same is upheld on the phone (at least at Dutch Customer Relations): no compensation if no "financial damage" has been caused. What a BS!!

I spent valuable time on replacing cards (as suggested per Dutch AMEX) and reconfirming hotels and other bookings for which the card served as guarantee etc etc.
Silver Fox likes this.
Bastiaan De Leeuw is offline  
Reply With Quote
Old Sep 19, 18, 2:54 am
  #1083  
 
Join Date: May 2010
Location: Scotland
Programs: BA Exec Club (Silver)
Posts: 231
Originally Posted by Deltus View Post
I got an email today from them along the lines of "We notice you haven't started using the service yet - click here to log in".

Snag is that I'm still waiting for them to *post* me a password. Not sure why that's necessary, but there you go. Has anyone received their password via snail mail?
Exact same here. Signed up for it the same day I got the original email from BA and as of today, still waiting on my PIN arriving by post.
Silver Fox likes this.
GlasgowBlue is offline  
Reply With Quote
Old Sep 19, 18, 3:08 am
  #1084  
 
Join Date: Nov 2010
Posts: 3,921
Originally Posted by origin View Post
Did you manage to set up the experian account and have you spoken to them about your address you are linked to, but not necessary financially.
I have set up the account, but speaking to Experian it seems BA is only paying for 1 address.. They say as the others are linked they will be ok. Now to sort out Mrs rapidex who is in the same boat with her card.
rapidex is online now  
Reply With Quote
Old Sep 19, 18, 3:25 am
  #1085  
 
Join Date: May 2016
Location: London
Programs: BAEC Gold; IHG Platinum Ambassador
Posts: 244
Originally Posted by GlasgowBlue View Post
Exact same here. Signed up for it the same day I got the original email from BA and as of today, still waiting on my PIN arriving by post.
Exactly the same here...
Horatio is offline  
Reply With Quote
Old Sep 19, 18, 3:44 am
  #1086  
Ambassador: World of Hyatt
 
Join Date: Mar 2002
Location: UK - the nearest airport is named after a motorway !
Posts: 3,862
Originally Posted by Tiger_lily View Post
Send the ICO’s request for information to the dpo email address. If they don’t respond within 30 days, lodge a complaint as an individual with the ICO about loss of personal data.

If you feel that the emails already received highlighting what they think was stolen is the full and final response then skip the first step and just lodge a complaint anyway. We all need to do this.
Apologies for being stupid/lazy, but what is 'the ICO’s request for information'? I'd very much like to cause BA some grief over this, but don't know where/how to start - your suggestion seems to be well-informed, but what exactly should I send to the dpo address? I'm happy to put this into the wiki if someone can give step by step instructions.

Like DYKWIA, I think that now this has dropped off mainstream media, BA will do nothing *unless forced*...
Silver Fox likes this.
Stewie Mac is offline  
Reply With Quote
Old Sep 19, 18, 4:02 am
  #1087  
 
Join Date: Dec 2016
Programs: BAEC GGL/CR; Hilton Diamond
Posts: 2,395
Originally Posted by ThatT1Feeling View Post
Looking at BA’s twitter feed this morning, they’re saying they’re not offering compensation for the data breach. It’s not clear if this is a holding position or the formal ongoing policy. If they’d fulfilled their responsibilities and still got hacked, then that’s one thing. But they have clearly not followed the regulations on GDPR and PCI and saved money in the process, inconveniencing many of us through their conscious cost-cutting and transferring the burden onto us. That isn’t good enough in my opinion.
PCI is a complete red herring. On GPDR, BA will be investigated and probably fined. That will teach them not to try and cut costs. Public interest is thereby served. What else do you want?

The problem with these rhetorical positions on why BA owe you something is that they have no legal force. You might be able to claim for time (though this hasn't cost me any of that, I followed the AMEX instructions to do nothing). The ambulance chasers are suggesting mental anguish (didn't suffer from that myself). There might be, when the GPDR fine position is clearer, some gesture from BA, but you're in no more danger than if you forget to select the "private" option on the electoral roll.


bisonrav is online now  
Reply With Quote
Old Sep 19, 18, 4:02 am
  #1088  
 
Join Date: May 2006
Location: 5 miles from EMA
Programs: BD, BAEC Bronze, Hertz 5*, Accor Plat, HHonors Diamond, Big White Season Pass
Posts: 5,041
Originally Posted by Stewie Mac View Post
Apologies for being stupid/lazy, but what is 'the ICO’s request for information'? I'd very much like to cause BA some grief over this, but don't know where/how to start - your suggestion seems to be well-informed, but what exactly should I send to the dpo address? I'm happy to put this into the wiki if someone can give step by step instructions.

Like DYKWIA, I think that now this has dropped off mainstream media, BA will do nothing *unless forced*...
I really should proofread things before hitting send.

The template to use is referenced upthread somewhere
Tiger_lily is offline  
Reply With Quote
Old Sep 19, 18, 7:28 am
  #1089  
 
Join Date: May 2010
Location: Oxon, UK
Programs: Mucci des canapes, Skywards Gold, BAEC Gold, IC Plat Amb, Accor Gold
Posts: 1,839
Well I have signed up for the class action. If BA come forward with an offer that shows they have taken this seriously within the next 14 days I will take advantage of the cooling off period and withdraw my registration. If not it will be interesting to see how they do in court.
Silver Fox and 86BA7 like this.

Last edited by pomkiwi; Sep 19, 18 at 7:50 am
pomkiwi is offline  
Reply With Quote
Old Sep 19, 18, 7:47 am
  #1090  
 
Join Date: Jul 2016
Programs: BA, Etihad
Posts: 49
Originally Posted by Stewie Mac View Post
Apologies for being stupid/lazy, but what is 'the ICO’s request for information'? I'd very much like to cause BA some grief over this, but don't know where/how to start - your suggestion seems to be well-informed, but what exactly should I send to the dpo address? I'm happy to put this into the wiki if someone can give step by step instructions.

Like DYKWIA, I think that now this has dropped off mainstream media, BA will do nothing *unless forced*...
This means you making a Data Subject Access Request. this means BA has to give you all the data they have on you, unless your request is manifestly excessive or too woolly. The ICO's standard template is here https://ico.org.uk/your-data-matters...ght-of-access/ , but this will need some editing if you want to use it. BA have up to three months to comply with your request.
TSR2 is offline  
Reply With Quote
Old Sep 19, 18, 8:23 am
  #1091  
 
Join Date: Mar 2014
Location: JAX
Programs: UA 1K, Hilton Gold, Marriott Gold
Posts: 4,230
Newegg.com has been hit by the same malware:


https://www.volexity.com/blog/2018/0...-again-newegg/
adrianlondon likes this.
TomMM is offline  
Reply With Quote
Old Sep 19, 18, 9:41 am
  #1092  
 
Join Date: Mar 2018
Programs: BAEC
Posts: 17
Am i correct in saying someone had booked a flight in the time the breach had occurred and was able to get a full refund due to a certain part of the law?
CharlesTheTog is offline  
Reply With Quote
Old Sep 19, 18, 9:50 am
  #1093  
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
 
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 38,804
Originally Posted by CharlesTheTog View Post
Am i correct in saying someone had booked a flight in the time the breach had occurred and was able to get a full refund due to a certain part of the law?
Welcome to Flyertalk and welcome to the BA forum, CharlesTheTog, it's good to see you here and I hope we see more of you. From what I can make out, refunds - or non charges - were made to people with particular circumstances in play - for example they cancelled the card and cancelled recent BA transactions on the card. BA could pursue the cardholder but have elected not to do so. Section 75 of the Consumer Credit Act provides a remedy for breach of contract or misrepresentation.
corporate-wage-slave is online now  
Reply With Quote
Old Sep 19, 18, 9:54 am
  #1094  
 
Join Date: Aug 2015
Location: London, UK
Programs: BAEC Gold
Posts: 1,234
Originally Posted by CharlesTheTog View Post
Am i correct in saying someone had booked a flight in the time the breach had occurred and was able to get a full refund due to a certain part of the law?
Yes, but you won't be able to fly the ticket.

...but what if you made the claim after the flights...
armouredant is offline  
Reply With Quote
Old Sep 20, 18, 6:46 am
  #1095  
 
Join Date: Sep 2008
Location: ANR, BELGIUM
Programs: EXTRAORDINAIRE
Posts: 317
Got the below my mail from BA today (based in Belgium) , in response to what details could have been compromised .
In addition also got another mail about trying to claim tp & avios (which I never did).
Don't know where this is heading, did anyone else outside UK get calls or mails ?


**Please DO NOT reply directly to this email by using the ‘reply’ function on your personal email settings, as it WILL NOT be received. If you wish to send us a reply please use the link at the bottom of the email**











Dear Mr Diamantaire

Thanks for getting in touch about the recent data theft and please accept my apologies for any inconvenience or concern this may have caused you. Please accept my apology for the delay in responding.Our investigations to date confirm the theft occurred from 22:58 (BST) on 21 August 2018 until 21:45 (BST) on 05 September 2018 inclusive. Accordingly, you would only be affected by this if you made, or changed, a booking during this time on ba.com or the mobile app. We want to reassure you that our website and mobile app are now working normally.The personal information compromised includes name, billing address, email address and all payment card information. This includes your card number, expiry date and CVV. No passport or travel details were stolen. As we wrote to you previously, unfortunately this information could be used to conduct fraudulent transactions using your bank or credit card account. Any passengers on the booking who have payment cards saved with us are not impacted, unless their card was used to make payment for the booking between 22:58 (BST) on 21 August 2018 until 21:45 (BST) on 05 September 2018 inclusive.If you have noticed a fraudulent transaction on your card, in the first instance, please contact your bank or credit card provider and follow their recommended advice.



It’s important you’re not out of pocket as a consequence of the data theft so we have partnered with the banks and credit card providers to ensure you are reimbursed as swiftly as possible. In the first instance, the card provider should be your point of contact to analyse any suspicious payments and make sure you get any funds re-credited as quickly as possible. If you have any incidental costs which are not covered, you should contact us in writing. In order for us to review your claim, please provide us with the following details:

• The booking reference created between 22:58 (BST) on 21 August 2018 until 21:45 (BST) on 05 September 2018.
• The actual date you made your booking.
• The email address and contact number in the booking that was created.
• Any receipts and/or bank statements to support your claim.Additionally, please could you confirm that you are not making a claim with your bank, credit card provider or any insurance policy you may hold for these same incidental expenses.

You can send us your information by email or post using the following details:



[email protected]

British Airways Plc
Customer Relations
PO Box 286118
28361 Bremen
Germany

Please accept our deepest apologies for any inconvenience caused by the criminal activity. We’ll be in touch with you when we’ve received your information. If you have any questions about this, you can reply to this email directly using the blue link below.



I look forward to hearing from you soon.







Best regards

NAME OF CUST SERVICE AGENT
British Airways Customer Relations
Your case reference is:*******Please use the following link to send us a reply and quote your case reference ********** in any correspondence with us: replyto.me.ba **Please do not send payment card details via email**


**************************



OTHER CONTACT INFORMATION



**************************



If you have a general query about British Airways or your journey with us, you can ask your question online:



http://www.ba.com/yourquestions



**************************



LEGAL INFORMATION



**************************


This email was sent to you by British Airways Plc - Waterside, Speedbird Way, Harmondsworth, UB7 0GB, United Kingdom. (To find out more, click here www.ba.com/aboutba)This email is intended solely for the addressee(s) and the information it contains is confidential. If you are not the intended recipient (a) please delete the email and inform the sender as soon as possible, and (b) any copying, distribution or other action taken or omitted to be taken in reliance upon it is prohibited and may be unlawful.



This message is private and confidential and may also be legally privileged. If you have received this message in error, please email it back to the sender and immediately permanently delete it from your computer system. Please do not read, print, re-transmit, store or act in reliance on it or any attachments. British Airways may monitor email traffic data and also the content of emails, where permitted by law, for the purposes of security and staff training and in order to prevent or detect unauthorised use of the British Airways email system. Virus checking of emails (including attachments) is the responsibility of the recipient. British Airways Plc is a public limited company registered in England and Wales. Registered number: 1777777. Registered office: Waterside, PO Box 365, Harmondsworth, West Drayton, Middlesex, England, UB7 0GB. Additional terms and conditions are available on our website: www.ba.com

Last edited by diamantaire; Sep 20, 18 at 7:00 am
diamantaire is offline  
Reply With Quote

Thread Tools
Search this Thread